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REMARKS 

Claims have only been reformulated in order to conform to the requirements 
of U.S. practice and no new matter has been added. 

The numbering of the Claims 12 to 20, which in the prior amendment were 
inadvertently listed as Claims 2-10, has been corrected. Claim 12 corresponds to 
Claim 2; Claim 13 to Claim 3 etc. 

Claim 1 1 recites a method for secure execution of an instruction sequence of a 
computer application in the form of data, called typed data and comprising an 
identifier, said method comprising the following steps performed by an interpreter of 
a computer system, particularly an embedded microchip system, during the execution 
of a sequence of instructions of predetermined types: 
identifying a type of said typed data; 

storing the type of said typed data in a first series of given locations in a 
memory of said computer system; 
wherein the interpreter further performs the following steps: 

generating additional data called type information elements, associated 
with each of said typed data and based on said identifier; 
storing or updating said type information elements in a second series of 
given storage locations, in order to specify the type of these typed data; 
continuously verifying, prior to the execution of each of the predetermined 
instructions, of the matching between a type indicated by these instructions 
and an expected type indicated by said type information elements stored in 
said second series of storage locations, so that said execution is authorized 
only when there is match between said types; 
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and wherein the second series of given storage locations corresponding one-to-one 
with the first series of given storage locations. 

It is respectfully submitted that this claim and those dependent therefrom, 
clearly and patentably distinguish the cited reference. Further, said claims are clearly 
statutory as the step of storing on a memory of a computer system cannot be 
considered as the mere rerun execution of an instructions sequence. 

For convenience, Applicant will present below a point-by-point response to 
the objections raised by the Examiner in the order that they were raised: 

Paragraph 2: 

The Examiner objected to Claim 20 as not limiting the subject matter further 
than Claim 17 on which it depends. 

Claim 17 has been modified by replacing the term "smart card" by the term 

"microchip". This amendment is supported by paragraph [0003] of the instant 

application reciting: 6 Within the context of the invention, the term "embedded 

System" should be understood in its most general sense. It particularly concerns all 

kinds of low-power terminals equipped with a microchip, and more particularly 

smart cards per se.' The paragraph [0124] also supports this modification: "Finally, 

although the invention is particularly advantageous for embedded microchip 

Systems wherein the computer resources, both in terms of data processing and data 

storage, are limited, particularly for smart cards, it is entirely suitable, a fortiori, for 

more powerful Systems." 

Claim 20 thus now further limit the subject matter of Claim 17 by precising 
that the embedded microchip system is a smart card. 



8 



Appln. No. 10/031,226 



Attorney Docket No. T2 146-907703 



Para2raph 3: 

The Examiner objected to the Claims because of their formulation. We thus 
replaced the expression "characterized in that" by the term "wherein" and added the 
expression "comprising:". The independent claims now include a preamble, a 
"wherein phrase and a conclusory text setting forth those steps which Applicant 
considers as patentably inventive subject matter. 

Paragraph 4: 

The Examiner objected to the Title as not being indicative of the invention to 
which the claims are directed. In the previous Official Action, the Examiner suggested 
the following title: "Method for Implementing and Securing a Typed Data Language 
in an Embedded System" and Applicant proposed the following title instead: "Method 
and Embedded System for Implementing and Securing a Typed Data Language in a 
Computer System". 

The Examiner still objects this Title and states that a computer is not always 
an embedded system. This is true, but an embedded system as defined in the 
specification is always a computer system, in the general sense of a system equipped 
with processing means able to perform computations. The paragraph [0036] of the 
instant application reads as follows: "Hence, the main subject of the invention 
is a method for the secure execution of an instruction sequence of a computer 
application in the form of typed data stored in a first series of given locations in a 
memory of a computer System, particularly an embedded microchip System ." This 
paragraph contains the same wording as the Claims. It is respectfully submitted that 
the proposed Title is fully supported by the specification and is definitely indicative of 
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the invention to which the claims are directed. Reconsideration of the proposed Title 
is thus respectfully requested in view of the above precisions. 

Paragraph 5: 

The Examiner objected to Claims 1 1-20 as being directed to a non-statutory 
subject matter. The claims have been reformulated to more clearly indicate the 
physical "things" and the "acts" performed, for example, the step of storing or 
updating information elements in a second series of given storage locations. 

The Examiner also states that the specification does not provide how these 
instructions are stored in a computer or data storage device. Applicants refer again to 
paragraph [0036] of the instant application, which reads as follows: "Hence, 
the main subject of the invention is a method for the secure execution of an 
instruction sequence of a computer application in the form of typed data stored in a 
first series of given locations in a memory of a computer System, particularly an 
embedded microchip System ." The specification contains many explanation of how 
the instructions are stored. See, for instance, the paragraph [0117] reciting: "Any 
application, for example downloaded via the Internet RI and written in "Java" 
language, is compiled by the compiler 9 and loaded via a smart card reader 70 into 
the memory circuits 1 of the smart card 8." There is little doubt that one skilled I the 
art would have little problem in storing instructions in a computer or data storage 
device. 

Paragraph 6: 

The Examiner objected to Claims 1 1-20 as being narrative and indefinite. 
Applicant has rewritten the claims and added line indentations indicating the steps of 
the method. The claims have also been reformatted to help their understanding. 
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Paragraph 7: 

The Examiner objected to the expression "the secure execution" in Claims 1 1 
and 17 because of insufficient antecedent basis. Applicant has withdrawn the term 
"the" so that the introduction o the claim reads "Method for secure execution of. . .". 

Paragraphs 8 to 10; 

The Examiner states that Schwabe anticipates the present invention under 35 
USC 102. Applicant respectfully disagrees. 

Actually, the patent of Schwabe aims at preventing the need for the present 
invention, as recited on column 4, lines 52-62 or on column 14, lines 15-20 of 
Schwabe. Indeed, Schwabe' s invention consists of a verification prior to the execution 
of an application (i.e. a sequence of instructions) and not during the execution of the 
application (at each step before executing each instruction in the sequence, as in the 
present invention). Thanks to this "pre-execution verification", the process disclosed 
by Schwabe allows that the "stack monitoring for overflows" is not necessary 
anymore. This clearly means that the invention of Schwabe will not use a stack 
monitoring as used in the present invention comprising the classical monitoring of 
operand stacks (first series of storage location) and the new and inventive monitoring 
of a second stack (second series of storage location) containing the information 
related to the identified types of data of a sequence of instructions. The invention of 
Schwabe uses only one stack for the verification since it verifies the sequence of 
instructions all at once, prior the execution of this sequence. Thus, Schwabe does not 
and cannot anticipate the step of storing or updating information elements in a second 
series of given storage locations. 
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Furthermore, Schwabe teaches a resources-constrained device which can be a 
smart card, but the system of Schwabe requires a remote verification of the 
application prior its loading into the memory of this smart card (column 18, lines 22- 
28 and lines 53-60 of Schwabe). This clearly means that the verifier of Schwabe 
cannot be implemented in an embedded microchip system such as a smart card 
contrary to the present invention. 

Schwabe teaches that when the verification of a sequence of instructions is 
coupled with the execution of this sequence of instructions, the verification is 
performed prior the execution of the whole sequence, not during the execution of the 
sequence as a whole and prior to the execution of each instructions of the sequence. It 
is important to understand the difference between a verification of the whole sequence 
of instructions (i.e. of the whole application, for instance) prior its execution and a 
verification of each instructions prior to their execution, during the execution of the 
sequence. 

In the paragraphs column 14, line 58 to column 15, line 45 of Schwabe's 
description cited by the examiner, it is explained that the verifier of Schwabe creates a 
single virtual stack which is compared directly to the binary file (which can also be an 
API definition file as recited in column 16) for checking matching of expected types 
of each instruction prior the execution of the binary file, until the process reaches the 
last instruction. This clearly means that the verifier does not examines the instructions 
during the execution of the sequence of instructions but instead verifies the binary 
files entirely before it can be executed. 

Schwabe does not teach or suggest an the interpreter performing the following 
steps, during the execution of a sequence of instructions of predetermined types: 
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generating additional data called type information elements, associated 
with each of said typed data and based on said identifier; 
storing or updating said type information elements in a second series of 
given storage locations, in order to specify the type of these typed data; 
continuously verifying, prior to the execution of each of the 
predetermined instructions , of the matching between a type indicated by 
these instructions and an expected type indicated by said type information 
elements stored in said second series of storage locations, so that said 
execution is authorized only when there is match between said types; 
and wherein the second series of given storage locations corresponding one-to-one 
with the first series of given storage locations. 

In bold and underlined above are the particular features that are not found in 
Schwabe' s invention and that are specific to the present invention. Schwabe thus does 
not anticipate the present invention as claimed in Claims 1 1 and 17. In a rejection 
under 35 USC 102 the claimed invention must be identically disclosed, and the prior 
art patent alleged to anticipate must teach in a single structural combination all 
elements of the invention which perform substantially the same work in the same 
way. Simmonds Precision Products, Inc. v. United States , 153 USPQ 465 (CCL 
1967) 

Claims 1 1 and 17 are thus patentably distinguishable from Schwabe. 

Paragraph 11 to 16: 

Independent Claims 1 1 and 17 being patentably distinguishable from 
Schwabe, the dependent Claims 12-16 and 18-20 are thus also patentably 
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distinguishable from Schwabe, at least in their combination with one of these 
independent claims. 

In particular, referring to paragraph 1 1 of the Office Action, the virtual stack 
of Schwabe does not correspond one-to-one with the stack monitored during the 
execution of the sequence of instructions since they are not generated at the same time 
and the virtual stack of Schwabe will contain all the type of all the instructions 
whereas the stack monitored during the execution will be updated for each instruction 
and usually not contain the operands of all the instructions as set forth in Claims 11, 
13 and 17. 

Referring to paragraph 12 of the Office Action, Schwabe does not teach to use 
a second series of storage locations (i.e. second stack) as set forth in Claims 11 and 
17, and only teaches to use a single virtual stack. 

Referring to paragraph 13 of the Office Action, the paragraph of Schwabe 
cited by the examiner does not contain any reference to a replacement of the 
instruction by pre-programmed security measures because the verification is done 
before the execution and an incorrect instruction does not have to be replaced by 
another instruction to be executed. In contrast, Schwabe teaches to generate a program 
error that may prevent the execution of the sequence of instructions. 

Referring to paragraph 14 of the Office Action, Schwabe teaches the use of a 
smart card, but it requires a remotely pre-verified sequence of instruction contrary to 
the present invention. 

Referring to paragraph 15 of the Office Action, the paragraph of Schwabe 
cited by the Examiner does not contain any reference to additional information 
elements that determine the size of the storage location. 
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Referring to paragraph 16 of the Office Action, the paragraph of Schwabe 
cited by the Examiner does not contain any reference to the indication of the necessity 
for saving or erasing an instruction by a flag and the word "flag" in Schwabe has a 
completely different signification. 

Conclusion: 

In that the cited reference fails to teach or suggest each and every feature of 
the claims, Applicant respectfully submits that the claims submitted herewith are 
patentably distinguishable therefrom. A prompt Notice of Allowance is respectfully 
requested. 

Should the Examiner believe that any further action is necessary to place this 
application in better form for allowance, the Examiner is invited to contact 
Applicants' representative at the telephone number listed below. 

The Commissioner is hereby authorized to charge to Deposit Account No. 50- 
1165 (T2 146-907703) any fees under 37 C.F.R. §§ 1.16 and 1.17 that may be required 
by this paper and to credit any overpayment to that Account. If any extension of time 
is required in connection with the filing of this paper and has not been separately 
requested, such extension is hereby requested. 



Respectfully submitted, 



MILES & STOCKBRIDGE P.C. 




Edward J./fcondi 
Reg. No. 20,604 



1751 Pinnacle Drive, Suite 500 
McLean, Virginia 22102-3833 
Telephone: (703)610-8627 
#9307500vl 
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